42 matches found
@kontaa/subgraph (>=1.0.1 <=1.2.3), @kontaa/utils (>=1.2.1 <=1.2.3) +6 more potentially affected by CVE-2026-34373 via parse-server (>=5.6.0 <=7.5.4)
parse-server NPM version =5.6.0, =1.0.1, =1.2.1, =2.4.46, =1.0.0, =1.0.1, =1.0.0, =1.0.0, =1.0.1 - servable-publishable =1.1.0 Source cves: CVE-2026-34373 Source advisory: OSV:GHSA-Q3P6-G7C4-829C...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @kontaa/subgraph (>=1.0.1 <=1.2.3) +27 more potentially affected by CVE-2026-32886 via parse-server (>=2.0.8 <=7.5.4)
parse-server NPM version =2.0.8, =1.0.5, =1.0.1, =1.2.1, =2.4.46, =2.4.8, =1.0.0, =1.0.0, =1.0.1, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.29 - parse-cli-server2 =0.0.30 and more Source cves: CVE-2026-32886 Source advisory: OSV:GHSA-4263-JGMP-7PF4...
Apollo Federation vulnerable to prototype pollution via incomplete key sanitization
Impact: A vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client may be able to pollute Object.prototype in gateway directly by crafting operations with field aliases and/or variable names that target...
CVE-2026-32621 Apollo Federation has prototype pollution via incomplete key sanitization
Apollo Federation is an architecture for declaratively composing APIs into a unified graph. Prior to 2.9.6, 2.10.5, 2.11.6, 2.12.3, and 2.13.2, a vulnerability exists in query plan execution within the gateway that may allow pollution of Object.prototype in certain scenarios. A malicious client m...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @kontaa/subgraph (>=1.0.1 <=1.2.3) +27 more potentially affected by CVE-2026-32248 via parse-server (>=2.0.8 <=7.5.4)
parse-server NPM version =2.0.8, =1.0.5, =1.0.1, =1.2.1, =2.4.46, =2.4.8, =1.0.0, =1.0.0, =1.0.1, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.29 - parse-cli-server2 =0.0.30 and more Source cves: CVE-2026-32248 Source advisory: OSV:GHSA-5FW2-8JCV-XH87...
ScamSweeper: Detecting Illegal Accounts in Web3 Scams Via Transactions Analysis
The web3 applications have recently been growing, especially on the Ethereum platform, starting to become the target of scammers. The web3 scams, imitating the services provided by legitimate platforms, mimic regular activity to deceive users. However, previous studies have primarily concentrated...
A Research and Development Portfolio of GNN Centric Malware Detection, Explainability, and Dataset Curation
Graph Neural Networks (GNNs) have become an effective tool for malware detection by capturing program execution through graph-structured representations. However, important challenges remain regarding scalability, interpretability, and the availability of reliable datasets. This paper brings togeth...
@kontaa/subgraph (>=1.0.1 <=1.2.3), @kontaa/utils (>=1.2.1 <=1.2.3) +4 more potentially affected by CVE-2025-64430 via parse-server (>=5.6.0 <=6.5.11)
parse-server NPM version =5.6.0, =1.0.1, =1.2.1, =2.4.46, =1.0.0, =1.0.1, =1.0.23 - servable-publishable =1.1.0 Source cves: CVE-2025-64430 Source advisory: OSV:GHSA-X4QJ-2F4Q-R4RX...
@kontaa/subgraph (>=1.0.1 <=1.2.3), @kontaa/utils (>=1.2.1 <=1.2.3) +4 more potentially affected by CVE-2025-64430 via parse-server (>=5.6.0 <=6.5.11)
parse-server NPM version =5.6.0, =1.0.1, =1.2.1, =2.4.46, =1.0.0, =1.0.1, =1.0.23 - servable-publishable =1.1.0 Source cves: CVE-2025-64430 Source advisory: SNYK:JS-PARSESERVER-13843716...
Malicious code in dolomite-liquidator-subgraph (npm)
The package dolomite-liquidator-subgraph was found to contain malicious code...
MAL-2025-21612 Malicious code in gmx-subgraph (npm)
The package gmx-subgraph was found to contain malicious code...
MAL-2025-29496 Malicious code in polymarket-subgraph-common (npm)
The package polymarket-subgraph-common was found to contain malicious code...
Malicious code in polymarket-subgraph-common (npm)
The package polymarket-subgraph-common was found to contain malicious code...
Malicious code in gmx-subgraph (npm)
The package gmx-subgraph was found to contain malicious code...
MAL-2025-18603 Malicious code in dolomite-liquidator-subgraph (npm)
The package dolomite-liquidator-subgraph was found to contain malicious code...
ProvX: Generating Counterfactual-Driven Attack Explanations for Provenance-Based Detection
Provenance graph-based intrusion detection systems are deployed on hosts to defend against increasingly severe Advanced Persistent Threat. Using Graph Neural Networks to detect these threats has become a research focus and has demonstrated exceptional performance. However, the widespread adoption...
MAL-2025-3587 Malicious code in swap-subgraph (npm)
Source: ghsa-malware bc32db990bb425f3c32c2f312da5d2e3315f210e4aa1cc342f3df5c3827f6fe5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in swap-subgraph (npm)
Source: ghsa-malware bc32db990bb425f3c32c2f312da5d2e3315f210e4aa1cc342f3df5c3827f6fe5 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Graph Privacy: a Heterogeneous Federated GNN for Trans-Border Financial Data Circulation
The sharing of external data has become a strong demand of financial institutions, but the privacy issue has led to the difficulty of interconnecting different platforms and the low degree of data openness. To effectively solve the privacy problem of financial data in trans-border flow and sharin...
Dual Explanations Via Subgraph Matching for Malware Detection
Interpretable malware detection is crucial for understanding harmful behaviors and building trust in automated security systems. Traditional explainable methods for Graph Neural Networks (GNNs) often highlight important regions within a graph but fail to associate them with known benign or maliciou...